Protecting Microsoft Networks with ISA Server 2004 - PowerPoint PPT Presentation

1 / 18
About This Presentation
Title:

Protecting Microsoft Networks with ISA Server 2004

Description:

Adds /Microsoft-Server-ActiveSync ... Not supported for Forms-based authentication ... User/Group based access control from VPN clients to any other location ... – PowerPoint PPT presentation

Number of Views:66
Avg rating:3.0/5.0
Slides: 19
Provided by: Revi150
Category:

less

Transcript and Presenter's Notes

Title: Protecting Microsoft Networks with ISA Server 2004


1
Protecting Microsoft Networks with ISA Server
2004
  • Enhanced Exchange/
  • VPN Support
  • By Thomas W. Shinder, M.D.
  • ISAserver.org
  • TACTEAM

2
Traditional Firewall Security
Packet Filters worked great!
CEO Is our network secure? PIX Admin Yes,
Ive configured packet filters to block all
attacks PIX IS SECURITY
3
Whats on Tap
  • Informal presentation
  • Whats new and improved in Exchange Server remote
    access connectivity and protection
  • Whats new and improved in the ISA Server 2004
    VPN Server and Gateway

4
ISA Server 2004 Enhanced Exchange Server
Protection
  • Forms-based authentication
  • Improved Exchange Publishing Wizard
  • Support for OMA/ActiveSync Publishing
  • RADIUS support for OWA Web Publishing scenarios
  • SSL to SSL Bridging
  • HTTP Security Filter protects SSL connections
    (SSL to SSL bridging)

5
ISA Server 2004 Forms-Based Authentication
  • Prevents caching of credentials
  • Controls sessions time-outs
  • Closes connection when user leaves site
  • Prevents attachment access or viewing
  • Delegates Basic authentication
  • Supports all versions of Exchange

6
ISA Server 2004 Enhanced Exchange Publishing
Wizard
  • Publish OWA/OMA/ActiveSync
  • Intuitive connection bridging interface
  • Certificates actually appear in console!
  • Create Web listeners on the fly
  • Does the rule configuration heavy-lifting"
  • Still need to prepare the network infrastructure
    to make it all work

7
ISA Server 2004 Support for OMA/ActiveSync
Publishing
  • Adds /OMA/
  • Adds /Microsoft-Server-ActiveSync/
  • Still need to configure the network
    infrastructure and split DNS
  • Also need to configure Exchange Server SSL and
    authentication settings

8
ISA Server 2004 RADIUS Support for OWA Publishing
  • Use RADIUS to authenticate remote OWA users
  • ISA Server 2004 does not need to be member of the
    domain
  • Not supported for Forms-based authentication
  • Use IPSec between ISA Server 2004 box and RADIUS
    server (PAP used)

9
ISA Server 2004 SSL to SSL Bridging
  • Client terminates SSL at the ISA Server 2004
    firewall
  • ISA Server 2004 firewall initiates second SSL
    link to Exchange Server
  • ISA Server 2004 firewall inspects connection
    while in transient unencrypted state
  • SSL to HTTP also supported (not recommended)

10
ISA Server 2004 HTTP Security Filter Protects
OWA/OMA/ActiveSync Connections
  • SSL to SSL encryption breaks open the SSL tunnel
  • HTTP Security Filter examines HTTP data moving
    through the tunnel
  • Can control virtually any aspect of the
    connection and block based on variety of
    characteristics

11
ISA Server 2004 Enhanced VPN Server and Gateway
  • Support for IPSec Tunnel Mode for
    interoperability
  • User/Group based access control from VPN clients
    to any other location
  • Lock down VPN client access only to required
    resources
  • User/group based access control also possible for
    VPN site to site links
  • VPN SecureNAT client now supported!

12
ISA Server 2004 IPSec Tunnel Mode Support
  • Weve been waiting for this for years
  • Supports IPSec tunnel mode with multiple third
    parties Cisco/Checkpoint/Netscreen
  • Not as secure as L2TP/IPSec
  • Detailed configuration article available when
    product releases

13
ISA Server 2004 User/Group based Access Control
for Remote Access VPN Clients
  • VPN log on credentials used for access control
  • Limit access to specific servers
  • Limit access to specific protocols
  • Limit access to specific content
  • Limit access to specific servers, using specific
    protocols to obtain specific content
  • Log all VPN remote access client connections
    user information included

14
ISA Server 2004 User/Group based Access Control
for Site to Site Links
  • Great for branch office scenarios
  • Limit branch office users to specific resources
    on the main office corpnet
  • Log on traffic, Exchange, File servers, and
    thats it
  • Granular access control based on user group

15
ISA Server 2004 VPN SecureNAT Client Support
  • Full Internet access for VPN clients
  • ISA Server 2004 required Firewall client
  • And/or Web Proxy client
  • Can still use Firewall and Web Proxy client
  • Enhance security and protocol support when VPN
    clients configured as Firewall and Web Proxy
    clients

16
ISA Server 2004 Exchange and VPN Summary
  • ISA Server 2004 Rocks
  • FBA and RADIUS pumps up the security volume on
    ISA Server 2004 remote access Exchange Server
    security
  • New VPN features make ISA Server 2004 VPN servers
    and gateways best of breed for protecting
    Microsoft networks

17
ISA Server 2004 For More Information
  • Buy my book!
  • ISA Server 2004 Configuration Guide
  • ISA Server 2004 Branch Office Kit
  • ISA Server 2004 Exchange Server Kit
  • ISA Server 2004 VPN Kit
  • ISA Server 2004 Quick Start Guide
  • www.isaserver.org

18
  • www.msfirewall.org/isa2004kits.htm
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Protecting Microsoft Networks with ISA Server 2004" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!